OAuth glossary
Descriptions for common OAuth terms.
legal notice
By using this API and its documentation and building an integration, you agree to the Additional API Terms and Guidelines.
#
2-legged OAuth
Authentication flow where the application authenticates directly without user involvement using a client ID and secret (client credentials flow).OAuth flow:
2-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Learn more:Set up 2-legged OAuth
3-legged OAuth
Authentication flow that involves user authorization, allowing the application to act on behalf of a user (authorization code flow).OAuth flow:
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Learn more:Set up 3-legged OAuth
A
Access token
A credential used to authenticate API requests. Exchange your OAuth credentials for an access token, then include it on API calls. Access tokens expire after one hour.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Learn more:OAuth reference
App (application)
In Partner Console, an app represents the integration of Indeed APIs and services with your product. Not to be confused with a job application.OAuth flow:
2-legged
3-legged
Cross-productGeneralIntegrationGraphQL APIREST API
Learn more:OAuth glossary: App
Authentication
The process of verifying your app's identity. Exchange your OAuth credentials for an access token, then include it on API calls to authenticate your app's identity and permissions.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
C
Client ID and secret
OAuth credentials generated when you become an Indeed partner. Access your client ID and secret in Partner Console. Use them to authenticate your app with Indeed APIs.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Learn more:OAuth glossary: Client ID and secret
Credential type
The type of credential to request for your app. Options include OAuth 2.0 (generates a client ID and secret for API access) and Indeed Apply (generates an Indeed Apply API token).OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
E
Employer ID
Unique identifier for an employer entity on Indeed, returned by the Employer Data API. Use in the employer parameter to associate an access token with that employer.OAuth flow:
2-legged
3-legged
Cross-productEmployer DataJob SyncJob UpdateGeneralIntegrationGraphQL API
Employer selection screen
Indeed-hosted screen that enables a user to select an employer from a list of employers associated with the user.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
G
Grant type
How the OAuth client is authorized. Authorization code grant type authorizes your app to act on behalf of a user (3-legged). Client credentials grant type authorizes your app to act on behalf of itself (2-legged).OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
I
ID token
Base64-encoded JSON Web Token (JWT) received automatically when you get an access token. Proves that the user has been authenticated and contains information about the current user.OAuth flow:
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Learn more:OAuth reference: User info response fields
Indeed Apply API token
Enables you to mark your jobs with the Easily Apply label and enables job seekers to apply without leaving Indeed. The client ID generated for an Indeed Apply credential type serves as your API token.OAuth flow:
2-legged
3-legged
Indeed ApplyCross-productAuthenticationREST API
O
OAuth app
An OAuth client. For an app in the general sense, see app. Not to be confused with a job application.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
OAuth consent screen
Indeed-hosted screen that enables a user to grant consent for scopes requested by the OAuth app, such as the employer_access scope.OAuth flow:
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
OAuth credentials
Also known as API credentials. When you become an Indeed partner, Indeed sets up an app. Access your app's OAuth credentials (a client ID and secret) in Partner Console.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
P
Primary user
Sets up and has full access to all resources associated with the Indeed employer account. Creates secondary users and manages their permissions.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Public client
A client that cannot maintain the confidentiality of its credentials, such as a native app or browser-based app. Public clients can use the authorization code grant type only.OAuth flow:
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
R
Redirect URL
Page on your website where Indeed redirects a user after trying to authorize your app. If the user authorized your app, Indeed passes an authorization code to your redirect URL.OAuth flow:
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Refresh token
Received with your access token when you request the offline_access scope. Use the refresh token to get a new access token. Refresh tokens are valid for 60 days, extended with each refresh.OAuth flow:
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
S
Scopes
Permissions that a user grants to your app. Request scopes when you request an access token.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Secondary user
User that a primary user creates and grants permissions to on an Indeed employer account.OAuth flow:
2-legged
3-legged
Cross-productAuthenticationOAuthGraphQL APIREST API
Related:Primary user
T
Tenant
For Indeed PLUS, a unique Identity Provider (IdP) and its associated users.OAuth flow:
2-legged
3-legged
SCIMAuthenticationREST API
Related:Indeed PLUS